I just purchased the Zygor guide and have emailed this concern to their webmaster. However, I wanted to warn people of this security risk before they purchased and potentially compromised their battle.net accounts and more.
The first page that displays after you click the Order Now button from http://www.zygorguides.com, is a standard, non-secure http (port 80 non-secure) site, http://www.zygorguides.com/amember/signup.php. All customers who submit their data today or providing the following unencrypted data:
1. Name
2. eMail address
3. username
4. password
Since most people like to stick to a few passwords so they can remember them, this is a high risk issue. For example, since the new Battle.net logins require our eMail address, hackers will already have the first half to getting in. On this site, they currently will have both the username and password if you use the same information for your Zygor account. If I were a hacker, I would surely be monitoring these submitted orders to steal accounts.
If you want to buy, I recommend using a password that isn't the same as any other and changing this password as soon as they secure this page and their password page. Yes, believe it or not, when you change your password after enrolling, this site is also not secure today. BUYER BEWARE.
Hope they fix it quickly,
Teresa Lee, MCSE
The first page that displays after you click the Order Now button from http://www.zygorguides.com, is a standard, non-secure http (port 80 non-secure) site, http://www.zygorguides.com/amember/signup.php. All customers who submit their data today or providing the following unencrypted data:
1. Name
2. eMail address
3. username
4. password
Since most people like to stick to a few passwords so they can remember them, this is a high risk issue. For example, since the new Battle.net logins require our eMail address, hackers will already have the first half to getting in. On this site, they currently will have both the username and password if you use the same information for your Zygor account. If I were a hacker, I would surely be monitoring these submitted orders to steal accounts.
If you want to buy, I recommend using a password that isn't the same as any other and changing this password as soon as they secure this page and their password page. Yes, believe it or not, when you change your password after enrolling, this site is also not secure today. BUYER BEWARE.
Hope they fix it quickly,
Teresa Lee, MCSE
Comment